As computing devices evolve from a standalone-operating model to a networked-operating model, more and more computing devices communicate with one another via some network configuration, such as the Internet. However, many businesses, educational or governmental entities have been reluctant to fully utilize this networked-operating model. One concern relates to the lack of an adequate mechanism for verifying the security of the transactions involved and the participants involved.
Some attempts have been made to resolve this security issue. One approach verifies an individual's identity by examining his or her physical trait or behavioral characteristics, such as a fingerprint, retina, signature, voice pattern or palm print. These characteristics can also be referred to as biometric data. Fingerprint identification is one such example of biometric authentication.
Today's fingerprint identification technology however has several flaws. First, since exterior contaminants and biological factors such as dryness and callus constantly affect skin, this identification mechanism often results in high false acceptance ratio or false rejection ratio. In addition, the current identification mechanism tends to employ a static approach, where authentication is performed once only. As a result, not only does the static approach yield a high probability of errors, an individual seeking to defeat the verification process can also fraudulently substitute appropriate biometric data as his or her own. For example, person B has her confidential financial records protected by her fingerprint information. In other words, in order to access B's financial records, B's fingerprint is required. With that knowledge, person A can attempt to obtain person B's fingerprint information. Since authentication is only performed once, as long as A is able to pass that one validation step, A can then proceed to access any of B's confidential information.
Therefore, as has been demonstrated, a method or an apparatus is needed to continuously authenticate a user's identity.